Use of the World Wide Web continues to increase, as does the amount and variety of content that is available to its users. Users of the World Wide Web commonly use browsers (web browsers) implemented on a web-enabled computing device to access content. Such devices include personal computers, laptop computers, netbook computers, entertainment devices, such as televisions, game consoles, and DVD players with internet access, smartphones and cell phones, among a number of other possible devices. Such web browsers are configured to read programmatic code and render that code as web pages, which may include rendering both audio and visual content contained in various media files (e.g., image, video and audio files), as well as performing other functions defined in the programmatic code. Web pages are generally implemented using programming languages such as HTML (including HTML5), CSS and JavaScript, among a number of other available programming languages.
Browser-based applications, also referred to as web applications or web extensions, are software applications that may be designed to run in a web browser or with a browser-based runtime environment. Such applications are often available through a web store that may cater to a specific browser or a browser-based runtime environment. For increased security, some browsers run browser-based applications in a sandboxed environment so that the browser strictly controls access to system resource by the browser-based applications. Accordingly, such applications may not be able to save files or manipulate system hardware, such as a camera.
Native applications are software applications that run on a personal computing device and do not require a browser or a browser-based runtime to execute. Native applications may generally run without restrictions. Some native application developers desire to allow communications between web applications and native applications. For example, a native application developer may desire to reuse existing legacy or proprietary code in the native application from a browser-based application. Browser-based applications can use Netscape Plugin Application Programming Interface (NPAPI) plugins to communicate with native applications. But NPAPI is not supported by all platforms, is planned for future deactivation, and comes with security risks such as exposing the native application functions to unwanted or objectionable extensions or web applications. For example, code running in with NPAPI has the full permissions of the current user and is not sandboxed or shielded from malicious input. Therefore, an attacker might be able to exploit vulnerability in the extension or web application to install malicious software on the user's machine.